Email Forensics in the Workplace | Federal Forensics Group

Company News

Email Forensics in the Workplace

May 15th, 2009

Often times I am relied upon to examine email in the workplace in connection with violations of company policy. While most employees are prohibited from using company email for personal use, email forensics may reveal more than just loss of worker productivity.

Email forensics frequently uncovers information detailing inappropriate disclosures of trade secrets to clients and competitors, theft of intellectual property, and in some instances, the use of company resources by employees managing a competing business on the side.

Other concerns include interpersonal problems, such as harassing or threatening messages which may endanger an employee or prompt a law suit. All of these pose significant liabilities to the health and competitiveness of the company. An effective email forensic process may be employed to counteract these various problems and mitigate any potential damage.

It is important to keep in mind that email is a powerful tool that has all but revolutionized business communications. It is also very effective at recording the details of the messages exchanged, even in cases where the message has been deleted. In such cases, recorded data can be scattered across a computer’s hard drive. Email forensics is the process of reconstructing the bits of data to reveal the contents of the message. This process can also provide dates and times when the message was sent, IP address of the sender, and any files that may have been attached. A proper forensic analysis can be used to develop a narrative for the computer user’s activity.

Traditionally, email forensics will be relied upon to prove a case once a breach has been discovered. For example, a company looses a software contract with a client prior to resignation of a manger. It is discovered that the manager has subsequently gone to work for the client, and his employer becomes suspicious. A computer forensics analysis of the manager’s work computer reveals that the he had revealed proprietary information to the client during negotiations allowing them to outsource development of the program to a third vendor at a discount. Though the damage has been done, email forensics would be the vehicle for discovery of evidence to submit to the court in a claim for damages.

More significantly, an email forensic examination should be employed at the first sign of a potential problem in order to gain information as early as possible to prevent further damage from occurring. In a recent case it was suspected that an employee was sending/receiving inappropriate messages at work. Forensic examination of the computer yielded sexually explicit emails and attached images. Further analysis revealed that these messages were being exchanged with other co-workers. The organization in this case was able to react before the risk of sexual harassment was actually realized in the work place.

Many companies establish polices as a code of employee conduct. These policies announce expectations of appropriate work-time behavior and email usage. Minor breaches can have a relatively benign impact. However, computer forensics provides a valuable resource in assessing the situation, and a properly conducted analysis could help to mitigate potential damages, and prove invaluable in cases involving more egregious violations.

« May 7, 2009-

Federal Forensics Group on Fox 11 News »

Pirates Get a Taste of Microsoft COFEE. Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) software, which helps law enforcement officials grab data from password protected or encrypted sources, has leaked.

Facebook Privacy Changes Draw Mixed Reviews. Facebook’s revamped privacy settings will push more user data onto the Internet and, in some cases, make privacy protection harder for Facebook users, digital civil liberties experts said.

Hackers Pillage Jailbroken iPhones. Hackers are plundering personal data from jailbroken iPhones using the tactic demonstrated last week by an Australian programmer’s self-described “prank,” researchers said today.

Social Networking Explodes and The Law Will Follow. Inevitably, we will see lawsuits where people allege that they have been defamed by false information about them posted on social networking pages.

Crafting a More Effective Keyword Search Despite the insight of Facciola, Grimm and Peck, lawyers still don’t know what to do when it comes to effective, defensible keyword search.

Police say hacker stole phone time from AT&T, others The investigation began in May 2007 following a tip-off from the FBI that a group of hackers based in the Philippines had violated the IT security of major international phone companies.

Don’t Mess With System Metadata. Sometimes a computer holds evidence, and sometimes a computer is evidence. It’s a distinction with a difference when deciding whether to act in ways that will stomp on data essential to computer forensic examination.

How Facebook mucks up office life. Managing a workforce is already a challenging job; now Facebook and other social networks raise a host of sticky new situations.

Linux group seeks to discredit Microsoft patents in TomTom case. A Linux group is hoping to discredit three Microsoft Corp. patents that were at the heart of the software vendor’s recent lawsuit against GPS device maker TomTom NV.

Laid-off workers as data thieves? A growing crime wave where laid-off workers exact vengeance on their former employers by walking out the door with sensitive customer data and other proprietary information.

As Jurors Turn to Web, Mistrials Are Popping Up. The use of BlackBerrys and iPhones by jurors gathering and sending out information about cases is wreaking havoc on trials around the country, upending deliberations and infuriating judges.

e-Discovery Rules - Interpreting ESI from Federal to State Courts. Is it email? Certainly, but what about the email stored on inaccessible backup tapes or legacy systems from 15 years ago? What about voicemail, instant messages or random access memory (RAM)?

Federal Forensics Group
5777 W. Century Blvd., Ste. 1015, Los Angeles, CA 90045 • 310.318.1073 direct 310.388.1523 fax

Home | Services | Process | Resources | Contact